Information About the Virtual Ethernet Module

Introduction to Cisco Nexus 1000V and the Virtual Ethernet Module

The Cisco Nexus 1000V is compatible with any upstream physical access layer switch that is Ethernet standard compliant, including the Catalyst 6500 series switch, Cisco Nexus switches, and switches from other network vendors. The Cisco Nexus 1000V is compatible with any server hardware listed in the VMware Hardware Compatibility List (HCL).

Cisco and VMware jointly designed APIs that produced the Cisco Nexus 1000V. The Cisco Nexus 1000V is a distributed virtual switch solution that is fully integrated within the VMware virtual infrastructure, including VMware vCenter for the virtualization administrator. This solution offloads the configuration of the virtual switch and port groups to the network administrator to enforce a consistent data center network policy.

The Cisco Nexus 1000V has the following components that can virtually emulate a 66-slot modular Ethernet switch with redundant supervisor functions:

•Virtual Ethernet module (VEM) data plane—Each hypervisor is embedded with one VEM, which is a lightweight software component that replaces the virtual switch by performing the following functions:

–Advanced networking and security

–Switching between directly attached virtual machines

–Uplinking to the rest of the network

Note Only one version of VEM can be installed on an ESX/ESXi host at any given time.

•Virtual supervisor module (VSM) control plane—The VSM is a virtual appliance that can be installed in either a standalone or active/standby HA pair. The VSM, with the VEMs that is controls, performs the following functions for the Cisco Nexus 1000V system.

Note We recommend an active/standby HA pair configuration.

–Configuration

–Management

A single VSM can manage up to 64 VEMs.

–Monitoring

–Diagnostics

–Integration with VMware vCenter

Active-standby VSMs increase high availability

In the Cisco Nexus 1000V, traffic is switched between virtual machines locally at each VEM instance. Each VEM also interconnects the local virtual machine with the rest of the network through the upstream access-layer network switch (blade, top-of-rack, end-of-row, and so forth). The VSM runs the control plane protocols and configures the state of each VEM accordingly, but it never forwards packets.

In the Cisco Nexus 1000V, the module slots are for the primary module 1 and secondary module 2. Either module can act as active or standby. The first server or host is automatically assigned to Module 3. The Network Interface Card (NIC) ports are 3/1 and 3/2 (vmnic0 and vmnic1 on the ESX/ESXi host). The ports to which the virtual NIC interfaces connect are virtual ports on the Cisco Nexus 1000V where they are assigned a global number.

Obtaining the VEM Software

The VMware vCenter Update Manager (VUM) obtains the VEM software from the VSM or from the VMware online portal. See the VMware and Cisco Nexus 1000V Software Compatibility table in the Cisco Nexus 1000V Compatibility Information, Release 4.2(1)SV1(4a), to identify which VEM bits are available on the VSM or posted on the VMware online portal.1

VSM

After the VSM has been installed as a VM, copy the file containing the VEM software from the VSM home page located at the following url:

1VMware vCenter Update Manager 4.0 does not list Cisco Nexus 1000V patches or updates, but you can add a Cisco Nexus 1000V patch source using the VMware knowledge base procedure located at the following url:

VMware vCenter Server 4.0 Update 1 with VUM P02 and later versions do not have this limitation.

VMware Patch Releases

The Cisco Nexus 1000V VEM software is updated to support VMware patch releases and is available on both the VMware and Cisco software download websites. The Cisco Nexus 1000V software posted on these websites can be used for both installation and upgrade of the VEM for both the VMware Classic and VMware Embedded platforms.

For information about installing software on an ESX/ESXi host, see your VMware documentation.

Prerequisites for Installing VEM Software

Before installing the Cisco Nexus 1000V VEM software, you must know or do the following:

Caution If the VMware vCenter Server is hosted on the same ESX/ESXi host as a Cisco Nexus 1000V VEM, a VUM-assisted upgrade on the host will fail. You should manually vMotion the vCenter Server VM to another host before you perform an upgrade.

Note When you perform any VUM operation on hosts that are a part of a cluster, ensure that VMWare High Availability (HA), VMware Fault Tolerance (FT), and VMware Distributed Power Management (DPM) features are disabled for the entire cluster. Otherwise, VUM will fail to install the hosts in the cluster.

•Before you perform a VEM upgrade, make sure that there are no active VMs running on the host. When you install the VMware patch ESX/ESXi400-201002001 and later on the host, it puts the host in maintenance mode when you perform a VEM upgrade. If you do not have and also use VMware vCenter Update Manager 4.0 Update 1 Patch 2, vCLI build 198790, and VSM Release 4.0(4)SV1(2) or later releases, in order to have a nondisruptive upgrade.

•You must install VMware patch ESX/ESXi400-201002001 and later on the host and also use VMware vCenter Update Manager 4.0 Update 1 Patch 2, vCLI build 198790, and VSM Release 4.0(4)SV1(2) or later releases, in order to have a nondisruptive upgrade.

•You have a copy of your VMware documentation available for installing software on a host.

•You have already obtained a copy of the VEM software file from one of the sources listed in Table 2.

•If you are installing the VEM software for the first time, you can install it before you install the VSM. However, you cannot verify and configure the VEM until after you install the VSM.

•You have already downloaded the correct VEM software based on the current ESX/ESXi host patch level. For more information, see the Cisco Nexus 1000V Compatibility Information, Release 4.2(1)SV1(4a).

•If you install the VEM software on an ESXi host before adding the host to a vSphere Server, you must reboot the host. The alternative is to add the host to vSphere Server first and then install the VEM software.

•If you are installing the VEM software for the first time, you will not need any action by the server administrator because VUM automatically installs the VEM software.

•If you use a proxy server to connect VUM to the Internet, you may need to disable the proxy before starting a VUM upgrade. In VMware versions before VUM Update 1, the proxy prevents VUM from communicating locally with the VSM. For this reason, automatic VEM upgrades might fail if the proxy is not disabled first.

•On your upstream switches, you must have the following configuration.

•On your upstream switches, we highly recommend that you globally enable the following:

–Global BPDU Filtering

–Global BPDU Guard

•On your upstream switches where you cannot globally enable BPDU Filtering and BPDU Guard, we highly recommended that you enter the following commands:

–(config-if) spanning-tree bpdu filter

–(config-if) spanning-tree bpdu guard

•For more information about configuring spanning tree, BPDU, or PortFast, see the documentation for your upstream switch.

Choosing a VEM Software Upgrade or Installation Procedure

This section describes how you can upgrade the ESX/ESXi host with the VEM software installed or install or upgrade the VEM software:

The following three diagrams depict the recommended workflows depending on the version of Cisco Nexus 1000V software you have installed. These workflows are for stateful ESXi hosts. For information on stateless ESXi hosts, see Installing a VEM on a Stateless ESXi Host.

Figure 4 Workflow with a Cisco Nexus 1000V Version Prior to 4.0(4)SV1(3b) Installed

There are two possible use cases:

•Upgrading the ESX/ESXi host with VEM software installed

–If you are using VUM to upgrade the host, you must create a host patch baseline and include the appropriate VMware patch or update bulletins and the corresponding Cisco Nexus 1000V VEM bulletin in the baseline. You can then upgrade the host by applying the baseline to the host and remediating. To determine which VUM upgrade procedure you should follow, see the "Upgrading the ESX/ESXi Host With VEM Software Installed Using VUM" section.

–If you are using VUM, the Cisco Nexus 1000V VEM software is installed automatically when the host is added to the Cisco Nexus 1000V Distributed Virtual Switch (DVS). When VEM upgrades are triggered from the VSM, the VEM software is automatically upgraded on the host. To determine which VUM upgrade procedure you should follow, see the "Installing or Upgrading the VEM Software Using the VUM" section.

Upgrading the ESX/ESXi Host With VEM Software Installed Using VUM

Caution If removable media is still connected, for example, if you have installed the VSM by using the ISO image and forgot to remove the media, then host movement to maintenance mode fails and the VUM upgrade fails.

Step 10 Click the Upgrade existing vCenter Server database radio button and check the I have taken a backup of the existing vCenter Server database and SSL certificates in the folder: C:\ProgramData\VMware\VMware VirtualCenter\SSL\. check box.

Step 11 From the Windows Start Menu, click Run.

The Run dialog box opens.

Step 12 Enter the name of the folder that contains the vCenter Server database and click OK.

Step 13 Drag a copy of the parent folder (SSL) to the Desktop as a backup.

Step 14 Return to the installer program.

Step 15 Click Next.

Step 16 In the vCenter Agent Upgrade window, click the Automatic radio button.

Augmenting the Customized ISO

If the ESXi host that is being upgrade to VMware 5.0.0 needs any Async drivers that are not already in VMware 5.0.0, refer to the respective vendor's documentation for the drivers and the procedure to update the customized ISO.

If you are using a QLogic NIC, download the driver to include in the customized ISO for that specific NIC.

Step 31 To check the host versions, click each host in the left-hand pane and confirm that 5.0.0 appears in the top-left corner of the right-hand pane and that the version information matches the contents of the Cisco Nexus 1000V Compatibility Information, Release 4.2(1)SV1(4a).

Step 32 The upgrade can also be confirmed by running the show module command on the VSM and observing that the VEMs are on the correct build.

The upgrade is complete.

Verification After the Upgrade

Step 1 To verify the build number on the ESXi host, run the following commands:

~ # vmware -v

VMware ESXi 5.0.0 build-469512

Step 2 To verify the upgrade on the Cisco Nexus 1000V, run the following commands:

You can use this procedure to upgrade a VMware ESXi 5.0 stateless host connected to a Cisco Nexus 1000V, Release 4.2(1)SV1(4a) DVS to VMware ESXi 5.0 Patch 01 by using the vSphere Auto Deploy PowerCLI.

BEFORE YOU BEGIN

Before beginning this procedure, you must know or do the following:

•The ESXi 5.0 GA stateless host should be connected to a Cisco Nexus 1000V Release 4.2(1)SV1(4a) DVS with a host profile attached in the vCenter Server.

•The Host Profile Compliance should be Compliant.

•The Answer File Status should be Complete.

For this example, the host has a rule defined with the following values in the PowerCLI:

Installing ESXi 5.0.0 Host Software Using the CLI

You can use this procedure to upgrade an ESXi host by installing a VMware patch or update with the compatible Cisco Nexus 1000V VEM software.

BEFORE YOU BEGIN

Before beginning this procedure, you must know or do the following:

•If you are using vCLI:

–You have downloaded and installed the VMware vCLI. For information about installing vCLI, see the VMware vCLI documentation.

–You are logged in to the remote host when vCLI is installed.

Note The vSphere Command-Line Interface (vSphere CLI) command set allows you to enter common system administration commands against ESXi systems from any machine with network access to those systems. You can also enter most vSphere CLI commands against a vCenter Server system and target any ESXi system that the vCenter Server system manages. vSphere CLI commands are especially useful for ESXi hosts because ESXi does not include a service console.

DETAILED STEPS

•If you are using vCLI, enter the esxcli command and install the ESXi and VEM software simultaneously.

Note When using the esxcli software vib install command, you must log in to each host and enter the command. ESXi 5.0.0 expects the VIB to be in the /var/log/vmware directory if the absolute path is not specified.

Installing or Upgrading the VEM Software Using the VUM

Caution If removable media is still connected to the host, for example, if you have installed the VSM by using an ISO image and forgot to remove the media, then host movement to maintenance mode fails and the VUM upgrade fails.

When installing or upgrading the VEM software, VMware Update Manager (VUM) automatically selects the correct VEM software to be installed on the host.

VEM software is installed on the host in one of the following procedures:

–If you are using VUM, the Cisco Nexus 1000V VEM software is installed automatically when the host is added to the Cisco Nexus 1000V DVS. When VEM upgrades are triggered from the VSM, the VEM software automatically upgrades on the host. To determine which VUM upgrade procedure you should follow, see the "Installing or Upgrading the VEM Software Using the VUM" section.

Installing or Upgrading the VEM Software Using the CLI

You can use this procedure to install the Cisco Nexus 1000V VEM software on an ESXi host.

BEFORE YOU BEGIN

Before beginning this procedure, you must know or do the following:

•If you are using vCLI:

–You have downloaded and installed the VMware vCLI. For information about installing vCLI, see the VMware vCLI documentation.

–You are logged in to the remote host where vCLI is installed.

Note The vSphere Command-Line Interface (vCLI) command set allows you to enter common system administration commands against ESXi systems from any machine with network access to those systems. You can also enter most vCLI commands against a vCenter Server system and target any ESXi system that the vCenter Server system manages. vCLI commands are especially useful for ESXi hosts because ESXi does not include a service console.

Information About a Stateless ESXi Host

Note A stateless deployment's PXE VLAN should be the same of the native VLAN, the management VLAN, and the system VLAN.

VMware vSphere 5.0.0 introduces the VMware Auto Deploy feature which provides the infrastructure for loading the ESXi image directly into the host's memory. If a host is configured for Auto Deploy, it does not store the image state. Instead, the image is loaded from the Auto Deploy server for every boot. A host that gets its image from an Auto Deploy server is defined as a stateless host. In this context, the image with which the host boots is identified as the image profile.

An image profile is a collection of vSphere Installation Bundles (VIBs) required for the host to operate and the image profile includes base VIBs from VMware and additional VIBs from partners.

On a stateless host, VEM software can be installed or upgraded using either the VUM or CLI.

In addition, the new or modified VEM module should also be bundled in the Image Profile from which the stateless host boots. Without this, the VEM module will not be persisted across reboot of the stateless host.

When entering the esxcli software vib install command on an ESXi 5.0.0 host, the following message displays:

Message: WARNING: Only live system was updated, the change is not persistent.

The following procedure describes how to bundle the VEM into the Image Profile and how to upgrade existing VEMs in the image profile.

For a more detailed description of the VMware Auto Deploy Infrastructure and Stateless boot process, see the "Installing ESXi using VMware Auto Deploy" chapter of the vSphere Installation and Setup, vSphere 5.0.0 document.

Adding the Cisco Nexus 1000V to an ESXi Image Profile

This section describes how to add a Cisco Nexus 1000V to an ESXi Image Profile.

BEFORE YOU BEGIN

Before beginning this procedure, you must know or do the following:

•Install and set up the VMware Auto Deploy server. See the vSphere Installation and Setup, vSphere 5.0.0 document.

•Install the VMware PowerCLI on a Windows platform. This is required for bundling the VEM module into the image profile. For more information, see the vSphere PowerCLI Installation Guide.

•On the same Windows platform, where VMware PowerCLI is installed:.

–Download the image profile offline bundle, which is a .zip file, to a local file path.

–Download the VEM offline bundle, which is a .zip file, to a local file path.

Note In the following procedure, the image profile bundle is available as C:\ESXi-5.0.0-depot.zip and the VEM bundle is available as C:\VEM500-20110822140-BG.zip.

Step 12 Display the configured rule to make sure the correct image profile is associated with the host.

[vSphere PowerCLI] > Get-DeployRuleSet

Name : rule-test

PatternList : {mac=00:50:56:b6:03:c1}

ItemList : {n1kv-Image}

Step 13 Reboot the host.

The host contacts the Auto-Deploy server and presents the host boot parameters. The Auto Deploy server checks the rules to find the image profile associated with this host. The Auto Deploy server loads the image to the host's memory and the host boots from it.

Installing the VEM Software on an ESXi Stateless Host Using esxcli

The following procedure shows you how to install the VEM software by using the esxcli command.

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.

This document is to be used in conjunction with the documents listed in the section.

Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)

Internet Protocol (IP) addresses used in this document are for illustration only. Examples, command display output, and figures are for illustration only. If an actual IP address appears in this document, it is coincidental.